Hi Billy!
> I want to be able to reject at recipt time - that is if
> the actual IP address doesn't match the stated IP address, I want to
> reject the mail.
> Any guidance on this?
I recently posted the following ACL entry to the list, it will reject
the RCPT if HELO looks like an IP address, but does not match the
sending host:
deny condition = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N}\
{yes}{no}}
condition = ${if eq{$sender_helo_name}{$sender_host_address}\
{no}{yes}}
message = Invalid recipient
log_message = open proxy (HELO)
You should put it after accepting mail from authenticated hosts. Some
MUAs like to give the originating host's IP address as HELO, and that
may well differ from the actual IP address that you get to see if the
host is being masqueraded.
Andy
